CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-43141 – WordPress Participants Database plugin <= 2.5.9.2 - PHP Object Injection vulnerability
https://notcve.org/view.php?id=CVE-2024-43141
07 Aug 2024 — Deserialization of Untrusted Data vulnerability in Roland Barker, xnau webdesign Participants Database allows Object Injection.This issue affects Participants Database: from n/a through 2.5.9.2. The Participants Database plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.5.9.2 via deserialization of untrusted input. This makes it possible for unauthenticated attackers to inject a PHP Object. No known POP chain is present in the vulnerable software. If a POP ch... • https://patchstack.com/database/vulnerability/participants-database/wordpress-participants-database-plugin-2-5-9-2-php-object-injection-vulnerability?_s_id=cve • CWE-502: Deserialization of Untrusted Data •